Available on crate feature openbsd only.
priv_sep is a library for privilege separation. It is currently designed around pledge(2) and unveil(2) for OpenBSD, but in the future may contain functionality for Linux's seccomp(2).
§Pledge
Calls to pledge(2) are done via Promises::pledge and pledge_none. Note that since the use of execpromises is quite rare, NULL is always used for it.
§Unveil
Calls to unveil(2) are done via Permissions::unveil and unveil_no_more.
§Errors
Any error returned from the underlying system call is propagated via io::Error.
Structs§
- Permissions: permissions to unveil(2).
- Promises: a set of `Promise`s that can only have `Promise`s removed after creation.
Enums§
- Permission: a permission in Permissions.
- Promise: a promise to pledge(2).
- UnveilErr: error returned by Permissions::unveil.
Functions§
- pledge_none: invokes pledge(2) with NULL for both promises and execpromises.
- unveil_no_more: invokes unveil(2) by passing NULL for both path and permissions.